head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.6 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.4 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.2 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.5.0.6 pkgsrc-2011Q2-base:1.5 pkgsrc-2011Q1:1.5.0.4 pkgsrc-2011Q1-base:1.5 pkgsrc-2010Q4:1.5.0.2 pkgsrc-2010Q4-base:1.5 pkgsrc-2009Q4:1.4.0.28 pkgsrc-2009Q4-base:1.4 pkgsrc-2008Q4:1.4.0.26 pkgsrc-2008Q4-base:1.4 pkgsrc-2008Q3:1.4.0.24 pkgsrc-2008Q3-base:1.4 cube-native-xorg:1.4.0.22 cube-native-xorg-base:1.4 pkgsrc-2008Q2:1.4.0.20 pkgsrc-2008Q2-base:1.4 pkgsrc-2008Q1:1.4.0.18 pkgsrc-2008Q1-base:1.4 pkgsrc-2007Q4:1.4.0.16 pkgsrc-2007Q4-base:1.4 pkgsrc-2007Q3:1.4.0.14 pkgsrc-2007Q3-base:1.4 pkgsrc-2007Q2:1.4.0.12 pkgsrc-2007Q2-base:1.4 pkgsrc-2007Q1:1.4.0.10 pkgsrc-2007Q1-base:1.4 pkgsrc-2006Q4:1.4.0.8 pkgsrc-2006Q4-base:1.4 pkgsrc-2006Q3:1.4.0.6 pkgsrc-2006Q3-base:1.4 pkgsrc-2006Q2:1.4.0.4 pkgsrc-2006Q2-base:1.4 pkgsrc-2006Q1:1.4.0.2 pkgsrc-2006Q1-base:1.4 pkgsrc-2005Q4:1.3.0.2 pkgsrc-2005Q4-base:1.3 pkgsrc-2005Q3:1.2.0.8 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.6 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.4 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.2 pkgsrc-2004Q4-base:1.2; locks; strict; comment @# @; 1.6 date 2011.07.08.09.49.22; author adam; state dead; branches; next 1.5; 1.5 date 2010.11.30.07.12.49; author obache; state Exp; branches; next 1.4; 1.4 date 2006.02.07.12.20.52; author lha; state dead; branches; next 1.3; 1.3 date 2005.10.26.16.44.24; author jlam; state Exp; branches 1.3.2.1; next 1.2; 1.2 date 2004.12.14.19.24.29; author jlam; state dead; branches; next 1.1; 1.1 date 2004.12.04.03.59.27; author jlam; state Exp; branches; next ; 1.3.2.1 date 2006.02.08.15.59.35; author salo; state dead; branches; next ; desc @@ 1.6 log @Changes 1.4: New features * Support for reading MIT database file directly * KCM is polished up and now used in production * NTLM first class citizen, credentials stored in KCM * Table driven ASN.1 compiler, smaller!, not enabled by default * Native 
Windows client support Notes * Disabled write support NDBM hdb backend (read still in there) since it can't handle large records, please migrate to a diffrent backend (like BDB4) Changes 1.3.3: Bug fixes * Check the GSS-API checksum exists before trying to use it [CVE-2010-1321] * Check NULL pointers before dereference them [kdc] Changes 1.3.2: Bug fixes * Don't mix length when clearing hmac (could memset too much) * More paranoid underrun checking when decrypting packets * Check the password change requests and refuse to answer empty packets * Build on OpenSolaris * Renumber AD-SIGNED-TICKET since it was stolen from US * Don't cache /dev/*random file descriptor, it doesn't get unloaded * Make C++ safe * Misc warnings @ text @$NetBSD: patch-ah,v 1.5 2010/11/30 07:12:49 obache Exp $
--- include/make_crypto.c.orig 2008-01-24 13:13:41.000000000 +0000
+++ include/make_crypto.c
@@@@ -71,7 +71,9 @@@@ main(int argc, char **argv)
 fputs("#include \n", f);
 fputs("#include \n", f);
 fputs("#include \n", f);
+ fputs("#ifndef OPENSSL_NO_MD2\n", f);
 fputs("#include \n", f);
+ fputs("#endif /* OPENSSL_NO_MD2 */\n", f);
 fputs("#include \n", f);
 fputs("#include \n", f);
 fputs("#include \n", f);
@ 1.5 log @Fixes build with OPENSSL_NO_MD2. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @http://www.pdc.kth.se/heimdal/releases/0.7.2/ http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * Fix security problem in rshd that enable an attacker to overwrite and change ownership of any file that root could write. * Fix a DOS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check if its even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API.
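Review bot: The `#ifndef OPENSSL_NO_MD2` guard emitted in the include/make_crypto.c hunk (revision 1.6 text) only takes effect if the generated header has already seen OpenSSL's configuration macros at that point. `OPENSSL_NO_MD2` is defined by `<openssl/opensslconf.h>`, and the three includes emitted before the guard (their header names are not visible in this rendering) presumably pull it in, which is worth confirming. The guard also covers only the include, so any code that reaches MD2 through this generated header would need the same `#ifndef OPENSSL_NO_MD2` condition; none of that is visible here. A short comment above the added line, e.g. `/* MD2 may be compiled out of OpenSSL; skip its header in that case */`, would record why this one include is conditional. main() starts and ends outside the hunk.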
It still wrongly uses subkey for sending for compatibility reasons, this will change in 0.8. * telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.3 2005/10/26 16:44:24 jlam Exp $ d3 12 a14 97 --- lib/krb5/init_creds.c.orig 2005-09-09 08:12:13.000000000 -0400 +++ lib/krb5/init_creds.c @@@@ -40,7 +40,7 @@@@ krb5_get_init_creds_opt_init(krb5_get_in { memset (opt, 0, sizeof(*opt)); opt->flags = 0; - opt->private = NULL; + opt->opt_private = NULL; } krb5_error_code KRB5_LIB_FUNCTION @@@@ -56,13 +56,13 @@@@ krb5_get_init_creds_opt_alloc(krb5_conte return ENOMEM; } krb5_get_init_creds_opt_init(o); - o->private = calloc(1, sizeof(*o->private)); - if (o->private == NULL) { + o->opt_private = calloc(1, sizeof(*o->opt_private)); + if (o->opt_private == NULL) { krb5_set_error_string(context, "out of memory"); free(o); return ENOMEM; } - o->private->refcount = 1; + o->opt_private->refcount = 1; *opt = o; return 0; } @@@@ -82,16 +82,16 @@@@ _krb5_get_init_creds_opt_copy(krb5_conte } if (in) *opt = *in; - if(opt->private == NULL) { - opt->private = calloc(1, sizeof(*opt->private)); - if (opt->private == NULL) { + if(opt->opt_private == NULL) { + opt->opt_private = calloc(1, sizeof(*opt->opt_private)); + if (opt->opt_private == NULL) { krb5_set_error_string(context, "out of memory"); free(opt); return ENOMEM; } - opt->private->refcount = 1; + opt->opt_private->refcount = 1; } else - opt->private->refcount++; + opt->opt_private->refcount++; *out = opt; return 0; } @@@@ -99,13 +99,13 @@@@ _krb5_get_init_creds_opt_copy(krb5_conte void KRB5_LIB_FUNCTION krb5_get_init_creds_opt_free(krb5_get_init_creds_opt *opt) { - if (opt->private == NULL) + if (opt->opt_private == NULL) return; - if (opt->private->refcount < 1) /* abort ? */ + if (opt->opt_private->refcount < 1) /* abort ? 
*/ return; - if (--opt->private->refcount == 0) { + if (--opt->opt_private->refcount == 0) { _krb5_get_init_creds_opt_free_pkinit(opt); - free(opt->private); + free(opt->opt_private); } memset(opt, 0, sizeof(*opt)); free(opt); @@@@ -293,7 +293,7 @@@@ require_ext_opt(krb5_context context, krb5_get_init_creds_opt *opt, const char *type) { - if (opt->private == NULL) { + if (opt->opt_private == NULL) { krb5_set_error_string(context, "%s on non extendable opt", type); return EINVAL; } @@@@ -310,8 +310,8 @@@@ krb5_get_init_creds_opt_set_pa_password( ret = require_ext_opt(context, opt, "init_creds_opt_set_pa_password"); if (ret) return ret; - opt->private->password = password; - opt->private->key_proc = key_proc; + opt->opt_private->password = password; + opt->opt_private->key_proc = key_proc; return 0; } @@@@ -324,7 +324,7 @@@@ krb5_get_init_creds_opt_set_pac_request( ret = require_ext_opt(context, opt, "init_creds_opt_set_pac_req"); if (ret) return ret; - opt->private->req_pac = req_pac ? + opt->opt_private->req_pac = req_pac ? KRB5_PA_PAC_REQ_TRUE : KRB5_PA_PAC_REQ_FALSE; return 0; @ 1.3 log @Pull in change from Heimdal CVS committed on 20051012 where the field in a publicly-exported structure was renamed from "private" to "opt_private". This allows to be used by C++ compilers. Bump the PKGREVISION to 1. 
@ text @d1 1 a1 1 $NetBSD$ @ 1.3.2.1 log @Pullup ticket 1106 - requested by Love Hornquist Astrand security update for heimdal Revisions pulled up: - pkgsrc/security/heimdal/Makefile 1.54 - pkgsrc/security/heimdal/distinfo 1.19 - pkgsrc/security/heimdal/patches/patch-ab removed - pkgsrc/security/heimdal/patches/patch-ak removed - pkgsrc/security/heimdal/patches/patch-ae removed - pkgsrc/security/heimdal/patches/patch-af removed - pkgsrc/security/heimdal/patches/patch-ag removed - pkgsrc/security/heimdal/patches/patch-ah removed - pkgsrc/security/heimdal/patches/patch-ai removed - pkgsrc/security/heimdal/patches/patch-aj removed Module Name: pkgsrc Committed By: lha Date: Tue Feb 7 12:20:52 UTC 2006 Modified Files: pkgsrc/security/heimdal: Makefile distinfo Removed Files: pkgsrc/security/heimdal/patches: patch-ab patch-ae patch-af patch-ag patch-ah patch-ai patch-aj patch-ak Log Message: http://www.pdc.kth.se/heimdal/releases/0.7.2/ http://www.pdc.kth.se/heimdal/advisory/2006-02-06/ Changes in Heimdal 0.7.2 * Fix security problem in rshd that enable an attacker to overwrite and change ownership of any file that root could write. * Fix a DOS in telnetd. The attacker could force the server to crash in a NULL de-reference before the user logged in, resulting in inetd turning telnetd off because it forked too fast. * Make gss_acquire_cred(GSS_C_ACCEPT) check that the requested name exists in the keytab before returning success. This allows servers to check if its even possible to use GSSAPI. * Fix receiving end of token delegation for GSS-API. It still wrongly uses subkey for sending for compatibility reasons, this will change in 0.8. * telnetd, login and rshd are now more verbose in logging failed and successful logins. * Bug fixes @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.3 2005/10/26 16:44:24 jlam Exp $ @ 1.2 log @Change the way that openssl/builtin.mk handles the USE_OLD_DES_API flag. 
The idea is to prevent needing to patch source files for packages that use OpenSSL for DES support by ensuring that including will always present the old DES API. (1) If des_old.h exists, then we're using OpenSSL>=0.9.7, and already does the right thing. (2) If des_old.h doesn't exist, then one of two things is happening: (a) If is old and (only) supports the old DES API, then does the right thing. (b) If it's NetBSD's Special(TM) one that stripped out the old DES support into a separate library and header (-ldes, ), then we create a new header that includes the system one and . Also modify existing packages that set USE_OLD_DES_API to simply include instead of either or (This step is mostly just removing unnecessary patches). This should fix building packages that use OpenSSL's old DES API support on non-NetBSD systems where the built-in OpenSSL is at least 0.9.7. @ text @d1 1 a1 1 $NetBSD: patch-ah,v 1.1 2004/12/04 03:59:27 jlam Exp $ d3 97 a99 11
--- include/make_crypto.c.orig 2003-05-05 16:10:27.000000000 -0400
+++ include/make_crypto.c
@@@@ -61,7 +61,7 @@@@ main(int argc, char **argv)
 fprintf(f, "#define __%s__\n", argv[1]);
 #ifdef HAVE_OPENSSL
 fputs("#define OPENSSL_DES_LIBDES_COMPATIBILITY\n", f);
- fputs("#include \n", f);
+ fputs("#include \n", f);
 fputs("#include \n", f);
 fputs("#include \n", f);
 fputs("#include \n", f);
@ 1.1 log @Set USE_OLD_DES_API and replace custom changes to work with NetBSD-2.0's OpenSSL, with patches to use . @ text @d1 1 a1 1 $NetBSD$ @